letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Add "erase" option to REST deactivate request body

Browse Source 
This allows using the endpoint to deactivate a user without deleting it.

TODO: make the request body optional.
This commit is contained in:
Andrew Ferrazzutti
2025-07-03 13:22:17 -04:00
parent 26c08f9215
commit 58cd2ba993
2 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
crates/handlers/src/admin/v1/users/deactivate.rs
View File

@@ -8,6 +8,8 @@ use aide::{NoApi, OperationIo, transform::TransformOperation};
use axum::{Json, response::IntoResponse}; use axum::{Json, response::IntoResponse};
use hyper::StatusCode; use hyper::StatusCode;
use mas_axum_utils::record_error; use mas_axum_utils::record_error;
use schemars::JsonSchema;
use serde::Deserialize;
use mas_storage::{ use mas_storage::{
BoxRng, BoxRng,
queue::{DeactivateUserJob, QueueJobRepositoryExt as _}, queue::{DeactivateUserJob, QueueJobRepositoryExt as _},
@@ -49,6 +51,14 @@ impl IntoResponse for RouteError {
} }
} }
/// # JSON payload for the `POST /api/admin/v1/users/:id/deactivate` endpoint
#[derive(Deserialize, JsonSchema)]
#[serde(rename = "DeactivateUserRequest")]
pub struct Request {
/// Whether the user should be GDPR-erased from the homeserver.
erase: bool,
}
pub fn doc(operation: TransformOperation) -> TransformOperation { pub fn doc(operation: TransformOperation) -> TransformOperation {
operation operation
.id("deactivateUser") .id("deactivateUser")
@@ -76,6 +86,7 @@ pub async fn handler(
}: CallContext, }: CallContext,
NoApi(mut rng): NoApi<BoxRng>, NoApi(mut rng): NoApi<BoxRng>,
id: UlidPathParam, id: UlidPathParam,
Json(params): Json<Request>,
) -> Result<Json<SingleResponse<User>>, RouteError> { ) -> Result<Json<SingleResponse<User>>, RouteError> {
let id = *id; let id = *id;
let mut user = repo let mut user = repo
@@ -90,7 +101,7 @@ pub async fn handler(
info!(%user.id, "Scheduling deactivation of user"); info!(%user.id, "Scheduling deactivation of user");
repo.queue_job() repo.queue_job()
.schedule_job(&mut rng, &clock, DeactivateUserJob::new(&user, true)) .schedule_job(&mut rng, &clock, DeactivateUserJob::new(&user, params.erase))
.await?; .await?;
repo.save().await?; repo.save().await?;

23
docs/api/spec.json
View File

@@ -1359,6 +1359,16 @@
"style": "simple" "style": "simple"
} }
], ],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeactivateUserRequest"
}
}
},
"required": true
},
"responses": { "responses": {
"200": { "200": {
"description": "User was deactivated", "description": "User was deactivated",
@@ -3872,6 +3882,19 @@
} }
} }
}, },
"DeactivateUserRequest": {
"title": "JSON payload for the `POST /api/admin/v1/users/:id/deactivate` endpoint",
"type": "object",
"required": [
"erase"
],
"properties": {
"erase": {
"description": "Whether the user should be GDPR-erased from the homeserver.",
"type": "boolean"
}
}
},
"UserEmailFilter": { "UserEmailFilter": {
"type": "object", "type": "object",
"properties": { "properties": {